Date:   Sat, 2 Jun 2018 07:57:17 +0200
From:   Willy Tarreau <w@....eu>
To:     Sam Patton <sam@...ancedip.org>
Cc:     netdev@...r.kernel.org
Subject: Re: ANNOUNCE: Enhanced IP v1.4

Hello Sam,

On Fri, Jun 01, 2018 at 09:48:28PM -0400, Sam Patton wrote:
> Hello!
> 
> If you do not know what Enhanced IP is, read this post on netdev first:
> 
> https://www.spinics.net/lists/netdev/msg327242.html
> 
> 
> The Enhanced IP project presents:
> 
>              Enhanced IP v1.4
> 
> The Enhanced IP (EnIP) code has been updated.  It now builds with OpenWRT barrier breaker (for 148 different devices). We've been testing with the Western Digital N600 and N750 wireless home routers.
(...) First note, please think about breaking your lines if you want your
mails to be read by the widest audience, as for some of us here, reading
lines wider than a terminal is really annoying, and often not considered
worth spending time on them considering there are so many easier ones
left to read.

> Interested in seeing Enhanced IP in the Linux kernel, read on.  Not
> interested in seeing Enhanced IP in the Linux kernel read on.
(...)

So I personally find the concept quite interesting. It reminds me of the
previous IPv5/IPv7/IPv8 initiatives, which in my opinion were a bit hopeless.
Here the fact that you decide to consider the IPv4 address as a network opens
new perspectives. For containerized environments it could be considered that
each server, with one IPv4, can host 2^32 guests and that NAT is not needed
anymore for example. It could also open the possibility that enthusiasts
can more easily host some services at home behind their ADSL line without
having to run on strange ports.

However I think your approach is not the most efficient to encourage adoption.
It's important to understand that there will be little incentive for people
to patch their kernels to run some code if they don't have the applications
on top of it. The kernel is not the end goal for most users, the kernel is
just the lower layer needed to run applications on top. I looked at your site
and the github repo, and all I could find was a pre-patched openssh, no simple
explanation of what to change in an application.

What you need to do first is to *explain* how to modify userland applications
to support En-IP, provide an echo server and show the parts which have to be
changed. Write a simple client and do the same. Provide your changes to
existing programs as patches, not as pre-patched code. This way anyone can
use your patches on top of other versions, and can use these patches to
understand what has to be modified in their applications.

Once applications are easy to patch, the incentive to install patched kernels
everywhere will be higher. For many enthusiasts, knowing that they only have
to modify the ADSL router to automatically make their internal IoT stuff
accessible from outside indeed becomes appealing.

Then you'll need to provide patches for well known applications like curl,
wget, DNS servers (bind...), then browsers.

In my case I could be interested in adding support for En-ip into haproxy,
and only once I don't see any showstopper in doing this, I'd be willing to
patch my kernel to support it.

Last advice, provide links to your drafts in future e-mails, they are not
easy to find on your site, we have to navigate through various pages to
finally find them.

Regards,
Willy
